Overview

overview

10

Static

static

4

HowToBeatP...ci.pdf

windows7-x64

1

HowToBeatP...ci.pdf

windows10-2004-x64

1

NEW PAYPAL...14.pdf

windows7-x64

1

NEW PAYPAL...14.pdf

windows10-2004-x64

1

PolishPaypal.pdf

windows7-x64

1

PolishPaypal.pdf

windows10-2004-x64

1

Profiting ...i.html

windows7-x64

1

Profiting ...i.html

windows10-2004-x64

1

ScrewPaypal.pdf

windows7-x64

1

ScrewPaypal.pdf

windows10-2004-x64

1

StealthPaypal.pdf

windows7-x64

1

StealthPaypal.pdf

windows10-2004-x64

1

The Ultima...de.pdf

windows7-x64

1

The Ultima...de.pdf

windows10-2004-x64

1

Unlimited ...ut.pdf

windows7-x64

1

Unlimited ...ut.pdf

windows10-2004-x64

1

Yasuo.Payp....5.lnk

windows7-x64

10

Yasuo.Payp....5.lnk

windows10-2004-x64

10

files/Yasu....5.exe

windows7-x64

10

files/Yasu....5.exe

windows10-2004-x64

10

paypal stealth.pdf

windows7-x64

1

paypal stealth.pdf

windows10-2004-x64

1

Resubmissions

19-07-2024 13:39

240719-qx588sxcnf 10

07-06-2024 19:08

240607-xs7d3acc41 10

Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2024 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Profiting from Paypal - TCF Wiki.html

  • Size

    32KB

  • MD5

    f69df598aa45d488ec12cc5438030ab6

  • SHA1

    5ed2d3740dd741b5a1be1d7dd0d1c43f64d9537e

  • SHA256

    fe8e7883656dcdf0ff4a05c3905397aeeecd0c75cc4b5d06b80e1536e11bc989

  • SHA512

    97f0d6dc1d0a51576ddbe80424898e2128d20021aea0c79265747727c645a74871178dae01cf8960baee4cb8c2fdaf3c2b18efc43d5dd85b66103420813dc325

  • SSDEEP

    384:aMPfdUrfTVBFPzDsjvr9ZMFgTvGoDYCvwe4yW165e/hVOl1i3mVCDLNZpc6TU1zx:aMPfEh7LWxZoyC6OgivZpcTaCW4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Profiting from Paypal - TCF Wiki.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a31e12258090fbbb632085ca668fb79

    SHA1

    b0882e9982289aac720f0b6b9cb8af412abe5180

    SHA256

    254120ed0e3faa15684b56c2e7b31470723632f5f678de75587978253c586196

    SHA512

    82887c41e02fc54e560c0aba180289ab767e0c7e4d5b1fa49d5d8c9547a6f99cd4b3b413266dd62d830228519879ca35344bababf5860a2cb518636c4f682051

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c88260a5141a1c9cd0f4b702983240c6

    SHA1

    bd28cbf1090bc2d8ded777846b8f3932c851075c

    SHA256

    7ac8e43001c1634b9eb33d50af3e6de44605580b6a8aa281efe9a56ebba73777

    SHA512

    632f853446c6eda307bf7f71750dac2f9f495af2956272e3e864ed37621f9ef8ae75b4b19f3511b5c99e42f9a14f89128513a9b0248d0b1e69d6b9220122351e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6052f27f7ecbeaa3a94a3cbaf31eafd

    SHA1

    ff6ec4837794610bd2260149f5f6ee7ac4e93977

    SHA256

    8e235d1c10df67f68c007ef6bfcb7ea43c78d27cfda2a3c6b48850f5cbaa3dd7

    SHA512

    9736b36d1c89c9239a587460e53703c7e51fc0ba4a70cf0a93994b579d273489e11f7318c689ef9aeeb32986cc78a8f9588152c0ddeb04155ab568c71289c98e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48505b163ad6598a25623ded8bcc9fdd

    SHA1

    811fa8acd6848b09f7235c9854b30ebe4dff720f

    SHA256

    0fd00bd51ce9a675fa9f05a16156c0f901cb13c41843892cacf8352d2264d2b4

    SHA512

    2c825535e9d01166a18844bafc7255e4e65d9f06918a6d0f9ff6687dedd8f37beb380b97d40a5617c73b6377f88686e9810950fb65c983f894fec28b54d5f1bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    608fba1fdb96429726a3b989f6d3007c

    SHA1

    5a9b7dbf3e6d64852d92633f1062c6e1ec809200

    SHA256

    84ce5369a725f0a3ff2a866afc7244c48b844ff854e88450954a9954373dd78c

    SHA512

    61b50823bc55623790361f529f12dedef7934d294eaba471edf7ec6e20620c341e79e51c4ba6232f777da35acd01715edfd4de3f8453bb9e0a5980cade815e24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6aa00782b8543279df817a3270a994d7

    SHA1

    501377befef28764846dcc926e907127c66816e2

    SHA256

    f01e82f55c3823c30d21d63b0f64244d7e659216db1c45087f5fe8733e15493f

    SHA512

    3f29627e3492865938e8ba66819b860b764650eaef4cacd541cadc2b132d99d4e8078b503e0a46c1a13fb5c19300a5b0c30a6b1a73763b571c75eeb4af5e8cc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d1982bdf71a92faf5e7d5020e885088

    SHA1

    e494949e8c81b61077afa9f701c1b6ee1469e247

    SHA256

    d51e81e40d25ab0b3d70506a5fefce788c651f77290011923c727e3f23678837

    SHA512

    e0e01f4a73ee4212199f5f8110d5c3fe0d691c751a421f27d19c21eeac76ec8b1db2f8e7cf449d09e8f41dd6ac8b42b07148a013a35c9b3cf46a2b68eddb9f56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14d3263d1346d094618f3d882f1408bd

    SHA1

    d032f8c064012b2f4c02a1bdfd0060541d203374

    SHA256

    78f56aadb119c0bb3c035b4a75805b8ef1b3b5901f5b8447177d7af134b91443

    SHA512

    402dfa12fa00d6a54c7ac6dbc182a1ef6b1851ea853d74a6e59239e9b1e4863f34bbd23a65b93839a12501d11b16c4cf391a2953d93430b2224b136bfd5a94fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d990c5217b19d571af7349d4e223c85

    SHA1

    a3059d51ea48d700e58749e4059445ef21ec19e0

    SHA256

    51d677d9b405b474ae18ddcf2f63006d33c79c16e3edb3cc43a0782992577b51

    SHA512

    e403345bd9935897b8abe3283e2c98b19d8b96d7707de0d7f8c66f2c7c2f15ee36e2e192603fe83d8c2cf4aba1638c1d3093a89a4b01aa52ba702508d53ed0a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1018d0db60915cdc5a8822fc9612f360

    SHA1

    7ea8a74a3dc178a3c349facf2341f42dcb6d2be8

    SHA256

    40462ce30e97c10e5c00f4007da52e1cc17b63021dfa9d3c5bcda30a7aaf6791

    SHA512

    466f8fab91f179869184bebec57f5ec47c58a0be2c5b4c2730da7f12a42bcba5a0556ad3e5039336f62f24336bd1f4bdd105a227e121dca2e016297974c61a1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e50df701de7bd48303522b78d020446f

    SHA1

    ce8af45bf1e0f1ac155161c5b609989db76b6e76

    SHA256

    7744d381ed84f617db369a8cb6f0f2df5a535f2b5e477b536b8d20ffe5219e7f

    SHA512

    a3951e9bdcca85facb0db7defdb72988dfe3e8672b5250d6caaaff9bddd2f932d7eb340fe0a2664cbc8da5261e9b4deac077fe7eaba43fd35411a5ef851f7d96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90dfbbb0873bdfed8ac2c73c005e620c

    SHA1

    bd74007de86712a27756a696e60ba50166f62ef5

    SHA256

    6590d0c8911541107f434a61058ae12da3f458bfa3ead76302f190df7716fd07

    SHA512

    f7111456e26067d23fed0641ccb74ab62b560a548fab1c5b944a9b8cc939090dca5ed2d4c9c509faf8001dd4e94b991753c8936fce028d165133f4051930879c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05960fe74e80f95d790cb7546ef686c2

    SHA1

    f74f17b1c1c4086bf3a0db41f437b89c791c56ae

    SHA256

    1ddbefadc180db49ace02678725a7baedbd7a383a2548708cec408f2b63416b9

    SHA512

    865a7a1faa63852b06c23b64b62579457309243851800570c5ac9a4ccf577ad9c4bea848d5dd43e378ede1ad75dcf59fadbef4bedd3c29249775503d0ced2a09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc3a5aec6ea61e0f6cb575866d69a332

    SHA1

    82dac04399961159d6ebbb546f3ee81ca32810c8

    SHA256

    54aa3d30d21072df68eb88812f6c5d81a2d9ba07f5302fa158b5d5d2b41cd49e

    SHA512

    d120b730f7ef0603fad3d4646db6f0da2fe67b44109f3b0bdd7d7ea935aeea2c183219be3745a3b7e0db69f4c43b540b0d6b3fcac3d0916c78415b6c649de1e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3694c9fe988c8eaabe04390b48b2080b

    SHA1

    6d66830bdf30cf315c3a69d74e556266da4e0861

    SHA256

    8f02e684f7da1ba1d5295f35e11068c68cff0bcdd65646b04a76fbe341edfabe

    SHA512

    3e89f046960e07b1a122872a3b37ca74340d150f2fb19d8e39197378fc92a837cfbfc448936c450f28c9865c28fe69e5942d760a2ee925f74b36bd213efff929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e89971f61ea630490c913c580ad3ff6a

    SHA1

    ca062b39a7c69a42673ca23d7a16af987a80ae92

    SHA256

    d232f31f440b701e9dfcc6ce70a2c77ef82240d771832ebdd40254c0b1baf58d

    SHA512

    d72fb450adf8eb793bb886ef44015318c7f93cd2061bc41627703e7ec1807f1e098894ced27668c93c6b879b0c205a3f5bcf69bfe9cbec62decee086819d4ffe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c680eaf9853ede2d1b1b062c36e476b

    SHA1

    1fb1f957c38f6e8a4f03b9ea76c45125c0c32d8e

    SHA256

    7945116ddb18e8e8a4181b1a6a42da4b530d45e6eacb59dabec736084bad80ff

    SHA512

    d450dfd3e26760c288da7591ae6bfb1467cf8967dccebba52d142bce0fb7a9e462c72f49103cbe9ea73401fabc4f4e9723e1e01e982008660ae3a03e210b5937

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4805a6b41d370b97e521950c89e5adf2

    SHA1

    be1438f17b7c8ff50721218650fea54c8722436a

    SHA256

    54835c998d7cff6bb19bac5cc1e9dd52520287f80806787391d89e640a2979c1

    SHA512

    c3a5084d7f739dc5e0b3b5197135185412f6032da749bbda972624b7bdb99cbd7f3ca3fe26ad6f92930c5e305f100abb4cb0aca3f46371d64ef1990802250a8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4961.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4A53.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit